Lotan provides your enterprise with the unique capability to detect attacks earlier, and with greater confidence. The fragility of exploits in the face of modern countermeasures and environment heterogeneity often leads to application crashes. Lotan analyzes these crashes to detect the attack and aid the response.

Lotan collects crashes using either a simple registry change on Windows, or a small userland application for Linux.

A RESTful API allows you to share evidence and conclusions with your existing Threat Defense and SIEM solutions. The API provides insight into each step of Lotan's workflow, including detailed information required to understand and respond to the threat rapidly.

Lotan relies on a patent-pending instruction set emulator and classifiers to detect the following exploitation methods and artifacts:


  • Automatically detect exploitation of both known and unknown vulnerabilities
  • Decrease incident response time
  • Increase insight into the health of your network and systems
  • Automate event response with confidence
  • Heap Spray
  • Return-Oriented Programming
  • Jump-Oriented Programming
  • Corrupted Virtual Pointer
  • JIT Spray
  • Self-Modifying Code
  • Use After Free
  • Call Frame Alignment
  • Corrupted Function Pointer
  • Temporal Anomalies
  • Stack Pivots
  • Known-Malicious Code

Lotan greatly increases the accuracy, rate, and speed with which threats are detected, and impedes the ability of adversaries to operate undetected within your network.

Contact us today to see a demonstration of Lotan's capabilities.

Click here for a PDF flyer for Lotan.

Click here for compatibility information.